skill-share
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation describes the automated generation of directory structures and executable files within a 'scripts/' folder. This dynamic content generation based on user-provided inputs (such as skill name and description) presents a surface for local code execution risks if the generated scripts are not properly sandboxed or sanitized.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data that is then used to construct new system components.
- Ingestion points: The skill takes 'skill name' and 'description' as primary inputs during initialization.
- Boundary markers: There are no described delimiters or warnings to prevent the agent from obeying instructions embedded within the user-provided 'description' field.
- Capability inventory: The skill possesses file-writing capabilities (creating SKILL.md and scripts), directory management, and network egress (sending data to Slack).
- Sanitization: The documentation does not mention any sanitization, escaping, or validation of the description content before it is interpolated into the generated skill's metadata and shared with team members.
Audit Metadata